Secure Shell access (SSH) is the established 
method of connecting to a remote Linux 
machine. 

I rely on it multiple times a day. 

However, there was once a time when I did not 
have ready access to SSH and created my 
own solution. 

Here is how my (In)Secure Shell Access came 
to be. 
This story takes place more 
than a decade ago. 

I was new to programming and 
Linux, and I wanted a way to be 
able to control my computer 
from my phone while remote. 






Pre-Smartphone Era 



If this were 2019 and I had a 
smartphone with an unlimited 
high-speed data plan, this 
would be straightforward. 


Connection Lost 
Unfortunately, this was not 
2019. I had a Motorola RAZR 
and no data plan. 



Email to the Rescue 



Fortunately, I had a text messaging 
plan and my carrier allowed sending 
emails via text message. 

There was also an email SMS 
gateway you could send mail to 
which would deliver the message to 
my phone as a text message. 



























Destination Unknown 



This was good. I was making 
progress. I had two-way 
communication between my 
phone and the internet. 

But who do I communicate 

with? 




The Magic Plus Sign 
Gmail was still relatively new at the time. I 
decided I would take advantage of 
foo+bar@gmail.com ending up at 
foo@gmail.com, which could then be easily 
filtered and labeled. 

This allowed me to send the email to myself. 
Creating a separate email account felt like 
unnecessary extra work for no real win. 


Perl: To Infinite and Beyond 
Next up was coming up with a method of 
processing these messages from my 
computer. 

I wrote a Perl script that would run in an 
infinite loop, connect to my Gmail 
account (using hard-coded credentials), 
and find all unread messages with a 
particular label. 
The script would execute any 
commands contained in the 
email and send a message 
with the output back to my 
phone. It worked great! 



























Say Cheese 



I knew I could use a shell to 
launch and manipulate GUI 
applications. But how could I see 
if it worked? I extended the script 
to take and publish a screenshot 
to a public facing website I ran. 









Nearly There 



At this point, the script was 
nearly complete. I could 
execute commands, get the 
output, and see the contents 
of my display. 


Permission Denied 
But I still couldn't update the 
packages on my computer 
remotely. 

This required root access. 



sudo make me a sandwich 



So what did I do? I modified 
the script to run as root. 

My (In)Secure Shell Access 
solution was complete! 




What's so bad? 



As I'm sure there are people 
out there (like me from 10+ 
years ago) who don't 
understand why this is 
insecure, let me explain. 








Spoofing 



1) Emails can be spoofed. It 
would not have been too difficult 
for an attacker to discover my 
secret email address and spoof 
an email to gain the ability to 
execute commands. 




2) Having the ability to view the 
contents of my display in real time 
makes it easy for an attacker to see 
every document I write, every site I visit, 
and every person I interact with. I would 
also have no idea that they are even 
watching. 










3) Running the script as root 
means that anyone gaining access 
to the script immediately has full 
access to my computer. 

They can run any command and 
access all files. Nothing is off limits. 
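
Point 1 as code, added here as an illustration and not part of the original talk: every sample message below carries the identical From line, so a mail-driven script that checks only the sender cannot tell them apart; the only distinguishing signal is the `Authentication-Results` verdict written by the receiving server. The sender address, the `carrier.example` domain and the `mx.google.com` authserv-id are assumptions, and the messages are constructed samples.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (not from the talk):
TRUSTED_AUTHSERV = "mx.google.com"          # authserv-id of the receiving server
ALLOWED_SENDER = "5550100@carrier.example"  # constructed phone gateway address

def dmarc_verdict(msg):
    """Return the DMARC result recorded by the trusted receiver, or None."""
    headers = msg.get_all("Authentication-Results") or []
    if not headers:
        return None
    # Headers are prepended in transit, so only the topmost one can have been
    # written by the final receiver; anything below may be sender-supplied.
    top = " ".join(headers[0].split())
    authserv, _, results = top.partition(";")
    if authserv.strip().lower() != TRUSTED_AUTHSERV:
        return None
    for clause in results.split(";"):
        clause = clause.strip().lower()
        if clause.startswith("dmarc="):
            value = clause.split("=", 1)[1].split()
            return value[0] if value else None
    return None

def sender_is_authenticated(raw):
    """True only if From matches AND the receiver recorded dmarc=pass."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower() == ALLOWED_SENDER and dmarc_verdict(msg) == "pass"

def build(auth_results):
    """Construct a sample message; every sample carries the same From line."""
    lines = [f"Authentication-Results: {h}" for h in auth_results]
    lines += [f"From: {ALLOWED_SENDER}", "To: foo+bar@gmail.com",
              "Subject: cmd", "", "uptime"]
    return "\n".join(lines)

GENUINE = build(["mx.google.com; spf=pass; dmarc=pass header.from=carrier.example"])
SPOOFED = build(["mx.google.com; spf=fail; dmarc=fail header.from=carrier.example"])
# Sender injects its own "pass" header; the receiver's real verdict sits on top.
FORGED_HEADER = build(["mx.google.com; dmarc=fail header.from=carrier.example",
                       "mx.google.com; dmarc=pass header.from=carrier.example"])
NO_HEADER = build([])

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "FORGED_HEADER", "NO_HEADER"):
        print(f"{name:14} accepted={sender_is_authenticated(globals()[name])}")
```

A `pass` only ties the message to the sending domain's mail servers; it does not authenticate the person who wrote it, which is the job SSH's key-based login does.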









The End 
This concludes the story of my 
(In)Secure Shell Access 
Solution. 

Please never do this. Use SSH! 



